The storage configured for a host might include one or more storage area networks (SANs) that use iSCSI. When iSCSI is configured on a host, administrators can take several measures to minimize security risks.
iSCSI is a means of accessing SCSI devices and exchanging data records by using TCP/IP over a network port rather than through a direct connection to a SCSI device. In iSCSI transactions, blocks of raw SCSI data are encapsulated in iSCSI records and transmitted to the requesting device or user.
One means of securing iSCSI devices from unwanted intrusion is to require that the host, or initiator, be authenticated by the iSCSI device, or target, whenever the host attempts to access data on the target LUN. Authentication proves that the initiator has the right to access a target,
ESXi and iSCSI support Challenge Handshake Authentication Protocol (CHAP), which verifies the legitimacy of initiators that access targets on the network. Use the vSphere Client or the vSphere Web Client to determine whether authentication is being performed and to configure the authentication method. For information about configuring CHAP for iSCSI see the vSphere documentation